ThreatConnect for Threat Intel Analysts

Stay proactive with the ability to quickly prioritize threats and understand how they impact your organization. Automate tasks and easily access data so you can get this information to other team members and tools for faster decision making.

Aggregate Intel to Achieve Actionable Insights

Having disparate security tools and intelligence feeds prevents you from getting the most out of your technologies. Within ThreatConnect, you can aggregate all sources of intel, such as data feeds and technology blogs, as well as logs from endpoint technologies to identify correlations and achieve actionable insights.

Determine IOC Relevancy to Your Organization

Map indicators relevant to your organization through ThreatConnect with features such as tagging and customizable attributes. ThreatConnect’s CAL™, our Collective Analytics Layer, also shortens the time it takes to understand which IOCs are relevant by crowdsourcing intelligence data, for example identifying false positives and trends hitting specific verticals.

Disseminate Information to Other Teams and Tools

Get relevant and actionable insights from intelligence sources within the ThreatConnect Platform. Then, take action by providing those insights to the necessary people and technologies. Through integrations with all major SIEMs and other defensive tool providers, ThreatConnect gets intelligence to third-party tools in a format they can understand. Additionally, multiple integrations with communication tools like Slack present notifications in the tools that your team uses already.

Gather Artifacts from Internal Cases and Incidents to Turn into Intel

By encouraging information sharing across your security teams, you’ll establish a feedback loop that allows for increased threat intelligence insight and relevance to your organization. ThreatConnect fosters this culture by supporting various integration mechanisms like a flexible REST API, easy import of even unstructured data, and an easy-to-use playbooks interface.

Correlate Data to Understand Relationships Between Indicators

Correlating data to understand relationships between indicators is critical for threat intel analysts. With Graph View, easily pivot from one indicator to another to quickly understand relational information and build a fuller picture of things like specific threat actors or vulnerabilities.

Flexible Data Model to Support Multiple Analysis Methodologies

Whether you use the Diamond Model of Intrusion Analysis, Lockheed Martin’s Cyber Kill Chain, MITRE ATT&CK, or something entirely different, ThreatConnect will support you. You’re able to pivot between indicators and groups to spot patterns and tag indicators with categories like Kill Chain Stages for easy organization and analysis.